From 3f724c95a86e6c08f23ff4f424b144cee81014dd Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Sun, 26 Mar 2017 14:50:59 -0600
Subject: [PATCH] Grant kernel access to new "virtual_disk" file.

This is a special file that can be mounted as a loopback device to exercise adoptable storage code on devices that don't have valid physical media. For example, they may only support storage media through a USB OTG port that is being used for an adb connection.

avc: denied { read } for path="/data/misc/vold/virtual_disk" dev="sda35" ino=508695 scontext=u:r:kernel:s0 tcontext=u:object_r:vold_data_file:s0 tclass=file permissive=0

Bug: 34903607
Change-Id: I84721ec0e9495189a7d850461875df1839826212
---
 public/kernel.te | 3 +++
 public/vold.te | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/public/kernel.te b/public/kernel.te
index d1463dcd7..a93c8e908 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -73,6 +73,9 @@ userdebug_or_eng(`
 allow kernel media_rw_data_file:dir create_dir_perms;
 allow kernel media_rw_data_file:file create_file_perms;
 
+# Access to /data/misc/vold/virtual_disk.
+allow kernel vold_data_file:file read;
+
 ###
 ### neverallow rules
 ###
diff --git a/public/vold.te b/public/vold.te
index 88de4fda7..f4a391693 100644
--- a/public/vold.te
+++ b/public/vold.te
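Review bot: The new `allow kernel vold_data_file:file read;` grants the kernel domain read on every file carrying the vold_data_file label, not only the /data/misc/vold/virtual_disk that the comment names, so anything else stored under that label becomes kernel-readable as well. Since the stated purpose is a test aid for devices without physical media, a dedicated file type for virtual_disk (with its own file_contexts entry) would let this grant, and the matching neverallow carve-outs in vold.te, stay scoped to that single file. The hunk header places the change after `userdebug_or_eng(`` whose opening line is outside the hunk; whether the added lines sit inside that macro or after its closing `')` cannot be told from the collapsed whitespace here, and if they are unconditional the comment should say why a test-only image is readable on user builds. At minimum the comment should state the real scope, e.g. `# Loopback image at /data/misc/vold/virtual_disk; note this grants read on all vold_data_file files.`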
@@ -175,9 +175,9 @@ allow vold user_profile_data_file:dir create_dir_perms;
 allow vold misc_block_device:blk_file w_file_perms;
 
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
-neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
+neverallow { domain -vold -kernel } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;
-neverallow { domain -vold -init } vold_data_file:notdevfile_class_set *;
+neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
 neverallow { domain -vold -init } restorecon_prop:property_service set;
 
 neverallow vold fsck_exec:file execute_no_trans;
-- 
GitLab
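Review bot: Adding `-kernel` to both neverallows removes every neverallow constraint on the kernel domain for vold_data_file notdevfile classes, while the grant in kernel.te only needs `file read`; the carve-out is considerably wider than the permission it exists to admit, so a later accidental grant to kernel on these files would no longer be caught at policy build time. A companion rule keeps the kernel's reach bounded to what the loopback use needs: `neverallow kernel vold_data_file:notdevfile_class_set ~{ read getattr relabelto };`. The `:dir` neverallows are left unchanged, so the kernel still gets no directory access to vold_data_file, which is consistent with the denial quoted in the commit message being for read alone.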